Security Advisories (1)
CVE-2026-8177 (2026-05-10)

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi-byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker-controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.
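
One caller-side check for the condition the advisory describes, shown as an added example that is not part of the XML::LibXML distribution: strictly decode an untrusted node name and reject it before it reaches a DOM node-name method such as createElement. The helper name safe_node_name, the conservative name pattern and the sample inputs are assumptions made for illustration; the inputs are assumed to arrive as raw bytes.

```perl
use strict;
use warnings;
use Encode ();
use XML::LibXML;

# Hypothetical helper (not an XML::LibXML API): returns the decoded name when
# $bytes is well-formed UTF-8 and looks like an XML name, otherwise undef.
sub safe_node_name {
    my ($bytes) = @_;
    return unless defined $bytes && length $bytes;

    # Strict decode: FB_CROAK dies on truncated or otherwise malformed
    # sequences; LEAVE_SRC leaves the caller's buffer unmodified.
    my $name = eval {
        Encode::decode('UTF-8', $bytes, Encode::FB_CROAK | Encode::LEAVE_SRC);
    };
    return unless defined $name;

    # Conservative subset of the XML Name production (assumption): letters,
    # digits, '.', '_' and '-', with at most one namespace prefix.
    return unless $name =~
        /\A[\p{L}_][\p{L}\p{N}._-]*(?::[\p{L}_][\p{L}\p{N}._-]*)?\z/;
    return $name;
}

binmode STDOUT, ':encoding(UTF-8)';
my $doc = XML::LibXML::Document->new('1.0', 'UTF-8');

# Constructed sample inputs: the third ends in the middle of a two-byte
# UTF-8 sequence, which is the shape of input the advisory describes.
my @constructed = ("item", "caf\xC3\xA9", "caf\xC3", "1bad");

for my $raw (@constructed) {
    my $hex  = unpack 'H*', $raw;
    my $name = safe_node_name($raw);
    if (defined $name) {
        # Only validated names are handed to the DOM node-name method.
        my $el = $doc->createElement($name);
        printf "%-12s accepted as <%s>\n", $hex, $el->nodeName;
    }
    else {
        printf "%-12s rejected\n", $hex;
    }
}
```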

NAME

XML::LibXML::CDATASection - XML::LibXML Class for CDATA Sections

SYNOPSIS

    use XML::LibXML;
    # Only methods specific to CDATA nodes are listed here,
    # see the XML::LibXML::Node manpage for other methods

    $node = XML::LibXML::CDATASection->new( $content );

DESCRIPTION

This class provides all functions of XML::LibXML::Text, but for CDATA nodes.

METHODS

The class inherits from XML::LibXML::Node. The documentation for inherited methods is not listed here.

Many functions listed here are extensively documented in the DOM Level 3 specification (http://www.w3.org/TR/DOM-Level-3-Core/). Please refer to the specification for extensive documentation.

new
    $node = XML::LibXML::CDATASection->new( $content );

The constructor is the only provided function for this package. It is required, because libxml2 treats the different text node types slightly differently.

AUTHORS

Matt Sergeant, Christian Glahn, Petr Pajas

VERSION

2.0209

COPYRIGHT

2001-2007, AxKit.com Ltd.

2002-2006, Christian Glahn.

2006-2009, Petr Pajas.

LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.